diff options
| author | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2019-11-02 18:46:40 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-11-18 15:28:16 +0300 |
| commit | a2a2087c7df085e9c582a531f05fe0befd3281db (patch) | |
| tree | cd04784466cde04fa856e281ef3cb4b02bff901f | |
| parent | 8aa4c6cfb84de6330e5e6955413f74c174a19cf8 (diff) | |
| download | openbmc-a2a2087c7df085e9c582a531f05fe0befd3281db.tar.xz | |
Use debug-tweaks, allow-root-login to allow root.
root user account is enabled with proper privilege and group,
only if debug-tweaks or allow-root-login FEATURES is defined.
Note: This will not remove root user getting managed from
phosphor-user-manager, instead it will make sure, the privilege
and groups are empty for the root user.
Tested:
1. Verified the default build, which has debug-tweaks, allowing
root user to be with priv-admin, and enabled for all groups.
2. Verified by removing debug-tweaks from the local.conf, and
root user privilege & groups are empty.
(From meta-phosphor rev: b1b8251f4e5f19189057cdeb998cf119be1c27b8)
Change-Id: Iec2a0b1a9f84c27dd4947125903ce43f3a9c3c2c
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
5 files changed, 11 insertions, 8 deletions
diff --git a/meta-phosphor/classes/phosphor-rootfs-postcommands.bbclass b/meta-phosphor/classes/phosphor-rootfs-postcommands.bbclass new file mode 100644 index 000000000..3485661b3 --- /dev/null +++ b/meta-phosphor/classes/phosphor-rootfs-postcommands.bbclass @@ -0,0 +1,10 @@ +# +# This function is intended to add root to corresponding groups if 'debug-tweaks' or 'allow-root-login' is in IMAGE_FEATURES. +# +update_root_user_groups () { + if [ -e ${IMAGE_ROOTFS}/etc/group ]; then + sed -i '/^\(ipmi\|web\|redfish\|priv-admin\):.*:.*:$/s/$/root/' ${IMAGE_ROOTFS}/etc/group + fi +} +# Add root user to the needed groups +ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains_any("IMAGE_FEATURES", [ 'debug-tweaks', 'allow-root-login' ], "update_root_user_groups; ", "", d)}' diff --git a/meta-phosphor/conf/distro/include/phosphor-base.inc b/meta-phosphor/conf/distro/include/phosphor-base.inc index 20fd21643..7970fefcd 100644 --- a/meta-phosphor/conf/distro/include/phosphor-base.inc +++ b/meta-phosphor/conf/distro/include/phosphor-base.inc @@ -133,7 +133,7 @@ include conf/distro/include/openbmc-phosphor/${MACHINE}.inc KERNEL_FEATURES_append = " phosphor-gpio-keys" KERNEL_FEATURES_remove_qemuall = " phosphor-gpio-keys" -IMAGE_CLASSES_append = " image_types_phosphor" +IMAGE_CLASSES_append = " image_types_phosphor phosphor-rootfs-postcommands" IMAGE_CLASSES_append_npcm7xx = " image_types_phosphor_nuvoton" IMAGE_INSTALL_append = " dbus-broker" diff --git a/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb b/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb index 396f9781d..e08b3b83c 100644 --- a/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb +++ b/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb @@ -6,8 +6,6 @@ USERADD_PACKAGES = "${PN}" # add a user called httpd for the server to assume USERADD_PARAM_${PN} = "-r -s /usr/sbin/nologin bmcweb" GROUPADD_PARAM_${PN} = "web; redfish" -# Add root user to web & redfish group -GROUPMEMS_PARAM_${PN} = "-g web -a root; -g redfish -a root" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENCE;md5=a6a4edad4aed50f39a66d098d74b265b" diff --git a/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host_git.bb b/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host_git.bb index f654d0ce6..e41da0be3 100644 --- a/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host_git.bb +++ b/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host_git.bb @@ -54,8 +54,6 @@ inherit useradd USERADD_PACKAGES = "${PN}" # add ipmi group GROUPADD_PARAM_${PN} = "ipmi" -# Add root user to ipmi group -GROUPMEMS_PARAM_${PN} = "-g ipmi -a root" SYSTEMD_SERVICE_${PN} += "xyz.openbmc_project.Ipmi.Internal.SoftPowerOff.service phosphor-ipmi-host.service" diff --git a/meta-phosphor/recipes-phosphor/users/phosphor-user-manager_git.bb b/meta-phosphor/recipes-phosphor/users/phosphor-user-manager_git.bb index dee81eb1b..4ccf0c3a4 100644 --- a/meta-phosphor/recipes-phosphor/users/phosphor-user-manager_git.bb +++ b/meta-phosphor/recipes-phosphor/users/phosphor-user-manager_git.bb @@ -26,9 +26,6 @@ DBUS_PACKAGES = "${USERADD_PACKAGES}" GROUPADD_PARAM_${PN} = "priv-admin; priv-operator; priv-user; priv-callback " GROUPADD_PARAM_phosphor-ldap = "priv-admin; priv-operator; priv-user; priv-callback " -# Add root user to priv-admin group -GROUPMEMS_PARAM_${PN} = "-g priv-admin -a root" - DBUS_SERVICE_${PN} += "xyz.openbmc_project.User.Manager.service" FILES_phosphor-ldap += " \ ${bindir}/phosphor-ldap-conf \ |